Pricing
Select your products
.png)
.png)
What Customers Say
We have been pleasantly surprised about the lack of friction when trying new features outside, like container scanning, that are outside the traditional SCA scope. It took us just five minutes to set up a CircleCI job and give it a container from our registry, and we were immediately seeing results."
Endor Labs helped us cut through the noise and focus on what matters. With fewer alerts and more accuracy, our teams now spend more time building and less time chasing false positives. Endor Labs has made secure development faster and easier to adopt across Zebra."
Software analysis is hard, and there's only one company [Endor Labs] that's doing it correctly.”
%20(1).avif)
Passing lists of unsubstantiated or irrelevant CVEs to engineering takes a toll within lean organizations like ours. Endor Labs lets us build trust by focusing on software supply chain risks that actually matter.”
FAQs
AURI for Developers is a free tier designed for individual developers who want security feedback directly in their AI code editors. All scanning happens locally, and you get read-only access to Endor Labs’ vulnerability data. There is no UI, policies, or scan history. It's a great way to get started with Endor Labs or evaluate the platform before rolling it out to your team—no commitment required.
Core and Pro editions are paid tiers designed for teams. They add deeper scanning, enterprise integrations, policy enforcement, and the reporting and workflow features that security and engineering teams need to manage risk at scale.
Endor Code focuses on risks in your first-party code—the code your team writes. It includes AI SAST to detect flaws and vulnerabilities in your codebase and pull requests, plus secret detection to catch exposed credentials and API keys before they reach production.
Endor Open Source secures the third-party dependencies and container images that make up your software supply chain. It uses reachability-based SCA to surface only the vulnerabilities that can actually be exploited in your application, cutting through the noise of traditional scanners. It also includes malicious package detection, AI model governance, and SBOM and VEX generation.
Many teams purchase both products for comprehensive coverage for the entire software artifact (code, dependencies, container images) their engineering teams produce pre-deployment.
Endor labs does not store your source code. We offer flexible deployment options depending on your compliance requirements. Most customers choose to deploy agentless scanning via cloud apps for GitHub, GitLab, BitBucket, or Azure DevOps. In that case, we will briefly clone your source code to a container in our cloud and immediately destroy it after scanning.
We can also scan directly in your CI-CD pipelines. In that case, code stays within your runner, and only results are sent to the Endor Labs dashboard. You can also deploy Endor Outpost to run monitoring scans on a schedule outside of your CI/CD pipelines.
Pricing is seat-based and varies slightly depending on the SKU. For Endor Code and Endor Open Source, seats are defined by contributing developers. A contributor is a developer in your organization who has made one or more commits to a source code repository monitored by Endor Labs within the last 90 days.
Pricing scales with your team size. Volume discounts apply as your contributor count grows, with meaningful reductions as you scale.
Yes, Endor Labs uses fair usage limits based on the number of seats you purchased. These are based on annual quotas, so you can scan as much or as little as you need each day, week, month, etc. The fair usage limits are generous and not hard enforced (i.e., you’ll never be blocked from scanning). Most organizations will not need to purchase additional usage. Organizations running semi-autonomous agents or other scan-intensive workflows can purchase additional scan credits if needed.
Yes. Endor Labs is available on the AWS Marketplace, Microsoft Azure Marketplace and Google Cloud Marketplace, making it easy to consolidate billing and apply existing cloud spend commitments toward your subscription.
If your organization has strict data residency or compliance requirements, Endor Outpost is also available as an on-premises deployment option that runs entirely on your own infrastructure. Contact us to learn more about Outpost eligibility.
Endor Labs offers several Technical Success tiers designed to match your team's needs and the complexity of your deployment. Reach out to your account team or contact us to discuss which option is the right fit.